Use the policy objects available to help you build out your
Web Access Policies
Global Web Access
Enforces your web application
and URL category access restrictions for all users.
Global Catch All Policy
Sets the default action for all outbound traffic to any Web
Application or URL Category to allow. It’s a good practice to you
leave the Global Catch All Policy enabled. Otherwise, any traffic
not matching your Web Security rules is enforced according to the
policies defined under
NGFW and Prisma Access
Use this table to guide you as you put together your
Web access policies are enforced from top to bottom. Blocked
applications and URLs always supersede applications or URLs that
Action to take:
What's the purpose of this policy
Give your policy a name. Optionally, you can
add a description, tags, and a schedule for your policy. Giving
your policy a descriptive name and a meaningful description of its
purpose makes it easier to manage later on not just for you, but
for other administrators as well. Tags can help you group policies
with similar characteristics. Schedules can help you manage policies
that need to be enforced at regular intervals.
Where and for whom your policy is enforced
section, define traffic to enforce based on its source.
Add users and groups of users whom your policy affects.
- You can enforce
traffic based on the deployment type:
- Add a device posture
profile to use device state information such as whether
a device is jailbroken for policy enforcement.
What gets blocked
Blocked Web Applications
sections, add applications and URL categories
to block - Focus on unsanctioned and risky applications that do
not have legitimate use in your network and malicious websites.
Allowed Web Applications
sections, add sanctioned
applications and URL categories to explicitly allow for
enterprise use. You can restrict access to features within
specific allowed applications. You may want to allow Gmail,
but block access to chat or calls within Gmail, for example.
You can also choose what actions to take on files entering
your network via allowed applications on a per application
basis using file controls. You can Pre-configure file
control rules using custom
profiles and employ those custom profiles in your
web access policies.
at the top
right corner of your screen.
Enter a description if you’d like, and then
new policy and settings to the cloud for enforcement.